I have an issue with a site-to-site VPN tunnel between a ASA5510 and 887VA. I have two tunnels connected to the ASA and one seems to be affected where by the tunnel is disconnected and brought up around every 20 seconds. The tunnel is re-established instantly but this break in transmission is causing application issues.
I wonder if you wonderful people might help me troubleshoot this issue. Please be gentle i am no VPN expert.
Look forward to your suggestions
After running a debug i have the follwing outputted:
>Apr 22 11:56:52 [IKEv1]Group = 18.104.22.168, IP = 22.214.171.124, QM FSM error (P2 struct &0xad825390, mess id 0xae7b95c7)!
Apr 22 11:56:52 [IKEv1]Group = 126.96.36.199, IP = 188.8.131.52, Removing peer from correlator table failed, no match!
Apr 22 11:56:52 [IKEv1]Group = 184.108.40.206, IP = 220.127.116.11, Session is being torn down. Reason: User Requested
Apr 22 11:57:22 [IKEv1]Group = 18.104.22.168, IP = 22.214.171.124, QM FSM error (P2 struct &0xaf1ba7a8, mess id 0x6e17a402
please look at following URL.
The IPsec L2L VPN tunnel does not come up on the PIX firewall or ASA, and the QM FSM error message appears.
One possible reason is the proxy identities, such as interesting traffic, access control list (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.
Another possible reason is mismatching of the transform set parameters. Make sure that at both ends, VPN gateways use the same transform set with the exact same parameters.